Claims 



What is claimed is: 

1. A method for determining a level of trust in an authenticated identification,
comprising:

performing at least one authentication to obtain an authentication result, 
each authentication having a score, each result indicating 
whether the corresponding authentication is successful; and 

combining the scores for the successful authentications to determine a 
level of trust. 

2. The method of claim 1, wherein performing at least one authentication 
comprises authenticating a purported identification. 

3. The method of claim 1, wherein performing at least one authentication 
comprises authenticating a purported identification of one selected from the 
group consisting of a person, a document, and an item. 

4. The method of claim 1, further comprising: 

responsive to the determined level of trust exceeding a predetermined 
threshold, allowing access to a resource. 

5. The method of claim 1, further comprising: 

responsive to the determined level of trust exceeding a predetermined
threshold, selecting a role for a user.

6. The method of claim 1, further comprising: 

responsive to the determined level of trust exceeding a predetermined 
threshold, offering a user a role for selection. 

7. The method of claim 1, further comprising: 

responsive to the determined level of trust not exceeding a predetermined 
threshold, denying access to a resource. 

8. The method of claim 1, further comprising: 

responsive to the determined level of trust exceeding a first predetermined
threshold, allowing a first level of access to a resource; and

responsive to the determined level of trust exceeding a second predetermined
threshold, allowing a second level of access to a resource.

9. The method of claim 8, wherein each level of access corresponds to an 
allowed action with respect to the resource. 

10. The method of claim 8, wherein the first level of access comprises
reading the resource and the second level of access comprises modifying the
resource.

11. The method of claim 4, 7, 8, 9, or 10, wherein the resource comprises a
document.

12. The method of claim 1, further comprising: 

receiving a request for an action, the action being associated with a
predetermined minimum level of trust;

responsive to the determined level of trust exceeding the predetermined
minimum level of trust, allowing the requested action to proceed; and

responsive to the determined level of trust not exceeding the predetermined
minimum level of trust, denying the requested action.

13. The method of claim 1, further comprising: 

presenting a list of allowable actions having minimum trust levels not
exceeding the determined level of trust.

14. The method of claim 13, further comprising: 
receiving input specifying one of the presented actions; and 
initiating the specified action. 

15. The method of claim 1, wherein combining the scores comprises
determining a sum of the scores for the successful authentications.

16. The method of claim 1, wherein each authentication is performed according
to an authentication method, and wherein the score for each authentication
is associated with the corresponding authentication method.

17. The method of claim 16, where each authentication method is selected 
from the group consisting of: 

password authentication; 
secret question authentication; 
smartcard authentication; 
processor identification; 
biometric identification; and 
location identification. 

18. The method of claim 1, wherein performing at least one authentication 
comprises determining a characteristic of a network connection. 

19. The method of claim 18, wherein the determined characteristic of the 
network connection comprises a physical location of a computer connected via 
the network. 

20. The method of claim 18, wherein the determined characteristic of the 
network connection comprises a degree of security associated with the network 
connection. 

21. The method of claim 18, wherein the determined characteristic of the
network connection comprises a previous authentication.

22. The method of claim 1, wherein each score indicates a relative degree 
of reliability of the corresponding authentication. 

23. The method of claim 1, further comprising: 

responsive to the determined level of trust, determining whether to allow 
or deny each of a plurality of requested actions during a user 
session. 
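
The scoring and threshold logic of claims 1, 12, 13, 15 and 23, as an added example that is not part of the original claims. The method scores, action names and minimum trust levels are constructed, and counting each method only once is an assumption the claims do not state.

```python
from dataclasses import dataclass

# Constructed per-method scores (claims 16, 17, 22): higher means more reliable.
METHOD_SCORES = {
    "password": 30,
    "secret_question": 10,
    "smartcard": 50,
    "biometric": 60,
    "location": 15,
}

# Constructed minimum trust levels per action (claims 10 and 12).
ACTION_MIN_TRUST = {"read_document": 25, "modify_document": 80}


@dataclass(frozen=True)
class AuthResult:
    method: str
    success: bool


def trust_level(results):
    """Sum the scores of the successful authentications (claims 1 and 15)."""
    counted, total = set(), 0
    for r in results:
        if r.method not in METHOD_SCORES:
            raise ValueError(f"unknown authentication method: {r.method}")
        # Assumption, not in the claims: a method counts once, so repeating
        # the same factor cannot inflate the level of trust.
        if r.success and r.method not in counted:
            counted.add(r.method)
            total += METHOD_SCORES[r.method]
    return total


def decide(trust, action):
    """Claim 12: allow only if trust exceeds the minimum; unknown actions are denied."""
    minimum = ACTION_MIN_TRUST.get(action)
    return minimum is not None and trust > minimum


def allowable_actions(trust):
    """Claim 13: actions whose minimum trust level does not exceed the trust level."""
    return sorted(a for a, m in ACTION_MIN_TRUST.items() if m <= trust)


if __name__ == "__main__":
    # Constructed session: a failed biometric check and a repeated password add nothing.
    session = [AuthResult("password", True), AuthResult("smartcard", True),
               AuthResult("biometric", False), AuthResult("password", True)]
    trust = trust_level(session)
    print("level of trust:", trust)
    print("listed:", allowable_actions(trust))
    for action in ("read_document", "modify_document"):  # claim 23: per-request decision
        print(action, "->", "allow" if decide(trust, action) else "deny")
```

When the level of trust exactly equals an action's minimum, the claim 13 wording lists the action while the claim 12 wording denies it, so an implementation has to choose one comparison and apply it in both places.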

24. A system for determining a level of trust in an authenticated
identification, comprising:

an authenticator, for performing at least one authentication to obtain an 
authentication result, each authentication having a score, each 
result indicating whether the corresponding authentication is 
successful; and 

a score combiner, coupled to the authenticator, for combining the scores 
for the successful authentications to determine a level of trust. 

25. The system of claim 24, wherein performing at least one authentication
comprises authenticating a purported identification.

26. The system of claim 24, wherein the authenticator authenticates a
purported identification of one selected from the group consisting of a person, a
document, and an item.

27. The system of claim 24, wherein the authenticator, responsive to the 
determined level of trust exceeding a predetermined threshold, allows access to a 
resource. 

28. The system of claim 24, wherein the authenticator, responsive to the 
determined level of trust exceeding a predetermined threshold, selects a role for 
a user. 

29. The system of claim 24, wherein the authenticator, responsive to the 
determined level of trust exceeding a predetermined threshold, offers a user a 
role for selection. 

30. The system of claim 24, wherein the authenticator, responsive to the 
determined level of trust not exceeding a predetermined threshold, denies access 
to a resource. 

31. The system of claim 24, wherein the authenticator, responsive to the
determined level of trust exceeding a first predetermined threshold, allows a first
level of access to a resource, and, responsive to the determined level of trust
exceeding a second predetermined threshold, allows a second level of access to a
resource.

32. The system of claim 31, wherein each level of access corresponds to an 
allowed action with respect to the resource. 

33. The system of claim 31, wherein the first level of access comprises
reading the resource and the second level of access comprises modifying the
resource.

34. The system of claim 27, 30, 31, 32, or 33, wherein the resource
comprises a document.

35. The system of claim 24, further comprising: 

an action input device, coupled to the authenticator, for receiving a request
for an action, the action being associated with a predetermined
minimum level of trust;

wherein the authenticator, responsive to the determined level of trust
exceeding the predetermined minimum level of trust, allows the requested action
to proceed, and, responsive to the determined level of trust not exceeding the
predetermined minimum level of trust, denies the requested action.

36. The system of claim 24, further comprising: 

an output device, coupled to the authenticator, for presenting a list of
allowable actions having minimum trust levels not exceeding the
determined level of trust.

37. The system of claim 36, further comprising:

an input device, coupled to the output device, for receiving input
specifying one of the presented actions; and

a transaction manager, coupled to the input device, for initiating the
specified action.

38. The system of claim 24, wherein the score combiner determines a sum
of the scores for the successful authentications.

39. The system of claim 24, wherein each authentication is performed according
to an authentication method, and wherein the score for each authentication
is associated with the corresponding authentication method.

40. The system of claim 39, where each authentication method is selected
from the group consisting of:

password authentication;
secret question authentication;
smartcard authentication;
processor identification;
biometric identification; and
location identification.

41. The system of claim 24, wherein the authenticator performs at least 
one authentication by determining a characteristic of a network connection. 

42. The system of claim 41, wherein the determined characteristic of the 
network connection comprises a physical location of a computer connected via 
the network. 

43. The system of claim 41, wherein the determined characteristic of the 
network connection comprises a degree of security associated with the network 
connection. 

44. The system of claim 41, wherein the determined characteristic of the 
network connection comprises a previous authentication. 

45. The system of claim 24, wherein each score indicates a relative degree 
of reliability of the corresponding authentication. 

46. The system of claim 24, wherein the authenticator, responsive to the
determined level of trust, determines whether to allow or deny each of a
plurality of requested actions during a user session.

47. A computer-readable medium for determining a level of trust in an
authenticated identification, comprising:

computer-readable code adapted to perform at least one authentication to
obtain an authentication result, each authentication having a
score, each result indicating whether the corresponding
authentication is successful; and

computer-readable code adapted to combine the scores for the successful
authentications to determine a level of trust.

48. The computer-readable medium of claim 47, wherein the computer-readable
code adapted to perform at least one authentication comprises
computer-readable code adapted to authenticate a purported identification.

49. The computer-readable medium of claim 47, wherein the computer-readable
code adapted to perform at least one authentication comprises
computer-readable code adapted to authenticate a purported identification of one
selected from the group consisting of a person, a document, and an item.

50. The computer-readable medium of claim 47, further comprising:

computer-readable code adapted to, responsive to the determined level of
trust exceeding a predetermined threshold, allow access to a
resource.

51. The computer-readable medium of claim 47, further comprising:

computer-readable code adapted to, responsive to the determined level of
trust exceeding a predetermined threshold, select a role for a
user.

52. The computer-readable medium of claim 47, further comprising:

computer-readable code adapted to, responsive to the determined level of
trust exceeding a predetermined threshold, offer a user a role
for selection.

53. The computer-readable medium of claim 47, further comprising:

computer-readable code adapted to, responsive to the determined level of
trust not exceeding a predetermined threshold, deny access to a
resource.

54. The computer-readable medium of claim 47, further comprising:

computer-readable code adapted to, responsive to the determined level of
trust exceeding a first predetermined threshold, allow a first
level of access to a resource, and, responsive to the determined
level of trust exceeding a second predetermined threshold,
allowing a second level of access to a resource.



55. The computer-readable medium of claim 54, wherein each level of
access corresponds to an allowed action with respect to the resource.

56. The computer-readable medium of claim 54, wherein the first level of
access comprises reading the resource and the second level of access comprises
modifying the resource.

57. The computer-readable medium of claim 50, 53, 54, 55, or 56, wherein
the resource comprises a document.

58. The computer-readable medium of claim 47, further comprising: 
computer-readable code adapted to receive a request for an action, the
action being associated with a predetermined minimum level of
trust;

computer-readable code adapted to, responsive to the determined level of
trust exceeding the predetermined minimum level of trust,
allow the requested action to proceed, and, responsive to the
determined level of trust not exceeding the predetermined
minimum level of trust, deny the requested action.

59. The computer-readable medium of claim 47, further comprising: 

computer-readable code adapted to present a list of allowable actions
having minimum trust levels not exceeding the determined level of
trust.

60. The computer-readable medium of claim 59, further comprising:

computer-readable code adapted to receive input specifying one of the
presented actions; and

computer-readable code adapted to initiate the specified action.

61. The computer-readable medium of claim 47, wherein the computer-readable
code adapted to combine the scores comprises computer-readable code
adapted to determine a sum of the scores for the successful authentications.



62. The computer-readable medium of claim 47, wherein the computer-readable
code adapted to perform at least one authentication performs each
authentication according to an authentication method, and wherein the score for
each authentication is associated with the corresponding authentication method.

63. The computer-readable medium of claim 62, where each authentication
method is selected from the group consisting of:

password authentication;
secret question authentication;
smartcard authentication;
processor identification;
biometric identification; and
location identification.

64. The computer-readable medium of claim 47, wherein the computer-readable
code adapted to perform at least one authentication comprises
computer-readable code adapted to determine a characteristic of a network
connection.

65. The computer-readable medium of claim 64, wherein the determined
characteristic of the network connection comprises a physical location of a
computer connected via the network.

66. The computer-readable medium of claim 64, wherein the determined
characteristic of the network connection comprises a degree of security
associated with the network connection.

67. The computer-readable medium of claim 64, wherein the determined
characteristic of the network connection comprises a previous authentication.

68. The computer-readable medium of claim 47, wherein each score
indicates a relative degree of reliability of the corresponding authentication.

69. The computer-readable medium of claim 47, further comprising: 

computer-readable code adapted to, responsive to the determined level of
trust, determine whether to allow or deny each of a plurality of
requested actions during a user session.

70. A system for determining a level of trust in an authenticated
identification, comprising:

authenticating means, for performing at least one authentication to obtain
an authentication result, each authentication having a score,
each result indicating whether the corresponding authentication
is successful; and

score combining means, coupled to the authenticating means, for
combining the scores for the successful authentications to determine a
level of trust.

71. The system of claim 70, wherein the authenticating means, responsive
to the determined level of trust exceeding a predetermined threshold, allows
access to a resource.

72. The system of claim 70, wherein the authenticating means, responsive
to the determined level of trust exceeding a predetermined threshold, selects a
role for a user.

73. The system of claim 70, wherein the authenticating means, responsive
to the determined level of trust exceeding a predetermined threshold, offers a
user a role for selection.

74. The system of claim 70, wherein the authenticating means, responsive
to the determined level of trust not exceeding a predetermined threshold, denies
access to a resource.

75. The system of claim 70, wherein the authenticating means, responsive
to the determined level of trust exceeding a first predetermined threshold, allows
a first level of access to a resource, and, responsive to the determined level of
trust exceeding a second predetermined threshold, allows a second level of
access to a resource.